We have an on-prem domain syncing Users & Devices to our 365 (Azure) with AD Connect. When an AD user authenticates against Azure (i.e. the login page has "Access Work or School"), the GPOs set on-prem do not apply to the user. Only Computer GPOs with Loopback Processing enabled apply. The computer is still domain joined and the user exists on-prem and in Azure, so it's the same user account. Can anyone explain what is happening? Or, how can I get them to apply? Any help would be greatly appreciated.
If it is domain joined or hybrid joined, GPO will take precedence over anything else.
There is nothing specific you need.
If it is Windows 10, I would go down to hybrid join (configure your AADConnect correctly).
With hybrid joined (or cloud joined), you will have Windows 10 SSO (PRT SSO).
If domain joined, you will need to use AADConnect SSO (and add the URL to intranet).
I don't think I want to mention anything about cloud joined until you are ready.
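A check for the join states the answer above distinguishes (domain joined only, hybrid joined, cloud joined) and for whether a PRT is present, followed by the user-scope policy result for the current logon. This is an added example, not code from either post; it assumes `dsregcmd /status` prints its usual `Key : Value` lines and that `gpresult` is available on the client.

```powershell
# Added example: classify the device's join state from dsregcmd /status,
# then show whether user-scope GPOs actually applied at the last logon.
function Get-DeviceJoinState {
    # dsregcmd prints "Key : Value" lines; collect them into a hashtable.
    $state = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*(\S[^:]*?)\s*:\s*(\S.*)$') {
            $state[$matches[1]] = $matches[2].Trim()
        }
    }
    $aad    = $state['AzureAdJoined'] -eq 'YES'
    $domain = $state['DomainJoined']  -eq 'YES'
    $prt    = $state['AzureAdPrt']    -eq 'YES'   # PRT present => Windows SSO to Azure AD

    $kind = if ($aad -and $domain) { 'Hybrid Azure AD joined' }
            elseif ($aad)          { 'Azure AD (cloud) joined' }
            elseif ($domain)       { 'Domain joined only' }
            else                   { 'Not joined' }

    [pscustomobject]@{
        JoinState  = $kind
        HasPrt     = $prt
        TenantName = $state['TenantName']
    }
}

$join = Get-DeviceJoinState
$join | Format-List

# If user-scope policy did not apply, the "Applied Group Policy Objects" list
# under USER SETTINGS will be empty or local-only; loopback-processed policy
# shows up under COMPUTER SETTINGS instead.
Write-Host "`n== User-scope GPO result for the current logon =="
gpresult /r /scope:user
```

Run it in the affected user's session (not an elevated prompt under a different account), since gpresult reports the policy of the logged-on user.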